rename RubyBundlerAnalyzer and javadoc

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundlerAnalyzer.java

@@ -1,3 +1,20 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2016 Bianca Jiang. All Rights Reserved.
+ */
 package org.owasp.dependencycheck.analyzer;
 
 import java.io.File;
@@ -7,16 +24,30 @@ import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.dependency.Dependency;
 
-public class RubyBundleInstallDeploymentAnalyzer extends RubyGemspecAnalyzer {
+/**
+ * Used to leverage Ruby gems that are deployed or installed by Ruby bundler (http://bundler.io).
+ * The difference of scanning gems installed by the bundler is that "bundle install" creates 
+ * a set of new .gemspec files under a folder called "specifications", in addition to the original 
+ * .gemspec files from source. The advantage of bundler generated .gemspec files is that 
+ * they contain fully resolved attributes, and original .gemspec from source often contain variable 
+ * for attributes.
+ * 
+ * This analyzer takes advantage of the fully resolved .gemspec installed by the bundler for 
+ * better dependency identification results. It also tries to resolve the dependency packagePath 
+ * to where the gem is actually installed. Then during <code>AnalysisPhase.PRE_FINDING_ANALYSIS</code>
+ * <code>DependencyBundlingAnalyzer</code> would merge the two dependencies together if they contain
+ * the same packagePath.
+ *
+ * @author Bianca Jiang (biancajiang@gmail.com)
+ */
+public class RubyBundlerAnalyzer extends RubyGemspecAnalyzer {
 	
+	//Folder name that contains .gemspec files created by "bundle install"
 	private static final String SPECIFICATIONS = "specifications";
+	
+	//Folder name that contains the gems by "bundle install"
 	private static final String GEMS = "gems";
 
-    /**
-     * The logger.
-     */
-//    private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleInstallDeploymentAnalyzer.class);
-    
     /**
      * Only accept *.gemspec stubs generated by "bundle install --deployment" under "specifications" folder.
      */

dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer

@@ -19,6 +19,6 @@ org.owasp.dependencycheck.analyzer.OpenSSLAnalyzer
 org.owasp.dependencycheck.analyzer.CMakeAnalyzer
 org.owasp.dependencycheck.analyzer.NodePackageAnalyzer
 org.owasp.dependencycheck.analyzer.RubyGemspecAnalyzer
-org.owasp.dependencycheck.analyzer.RubyBundleInstallDeploymentAnalyzer
+org.owasp.dependencycheck.analyzer.RubyBundlerAnalyzer
 org.owasp.dependencycheck.analyzer.RubyBundleAuditAnalyzer
 org.owasp.dependencycheck.analyzer.ComposerLockAnalyzer